Viruses & Malware

A new Beastie Boys' CD called "To the Five Boroughs" (Capitol Records), is raising hackles around the Web for reputedly infecting computers with a virus.

Enterprises whose workers use one of the free public instant messaging networks -- the likes of America Online's, Yahoo's, or Microsoft's -- risk malicious attacks that could make the quick-spreading Sasser worm look like a worn-out snail, said a security analyst Friday. "In instant messaging, we have a lot of the same security issues as in e-mail and networks," said Eric Chien, a senior researcher with Symantec's security response team.

An average of one in three PCs scanned in March and April was carrying a system monitor or Trojan horse hidden on its hard drive.

The research, carried out by privacy firm Webroot Software and ISP EarthLink, warned that these sorts of spyware can forward information about a user's online activities to another individual or company without the user's knowledge or permission.

Scans of 650,000 consumer PCs performed between 1 March and 30 April found more than 18 million instances of spyware.

The worm program, dubbed Cabir by Russian antivirus company Kaspersky, apparently uses the Bluetooth short-range wireless feature of smart phones that run the Symbian operating system to detect other Symbian phones, and then transfers itself to the new host as a package file. While able to replicate the spread of the virus in research settings, antivirus companies have not found any evidence that the program is infecting smart phones outside of those limited test cases.

A new multilingual worm from Hungary hit networks over the weekend and is spreading steadily.

Zafi.B, also known as Erkez.b or Hazafi, spreads via peer-to-peer software and as a 12,800 byte .pif attachment within emails.

It has the potential to spread widely as it mails itself out in Hungarian, English, Italian, Spanish, Russian and Swedish.

"We got a lot of this at the weekend. 58 per cent of all our returns are this worm," said Graham Cluley, senior analyst at Sophos. "Some people are not suspicious of non-English viruses, so that could be helping it spread."

Although some Linux antivirus software is now available, vendors are waiting for a major attack before pushing their wares.

Many have developed Unix antivirus products, but are only now moving to Linux to deal with potential threats to businesses running both Windows and open source software.

Network Associates recently released its first Linux server antivirus software, citing the need to stop the transmission through Linux servers of malicious code aimed at Windows.

Security experts have warned football fans to watch out for virus-infected emails that contain attachments masquerading as Euro 2004 goodies. In the run up to the Euro 2004 football championships in Portugal, anti-virus company McAfee said it is expecting an increase in viruses posing as Euro 2004 screensavers, games and movie files. According to McAfee, Excel attachments that predict the tournament's results, MPEG files showing the greatest goals, screensavers, games and sound files containing this year’s England anthem could all be a disguise for malicious code.

Computer viruses cost businesses and consumers around the world billions of dollars each year. So who -- if anyone -- is profiting from viruses? And if no one is profiting, what is the motivation behind virus creation? The answers are not completely clear.
"Almost all viruses are written for the same reason that people put graffiti on walls," said David Perry, global director of education at Trend Micro . "It's simply a desire to claw their initials into the middle of your hard drive."

Several copies of a two-stage Trojan virus, which uses an exploit to download and execute an encoded visual basic script from a website, have been seen in the wild. According to security firm MessageLabs it has intercepted several copies of a new Trojan this week although there are no other indications that it will be a major problem. No-one has come up with a name for it yet, although judging by the way it works, perhaps illiterate might be a good title. It appears in an email with a header which seems to have been penned by someone to whom English is a foreign language.

The virus that "deletes your whole hard drive" has been a staple in dozens of e-mail hoaxes that have circulated the Net in recent years. In the real world, such viruses are few and far between. According to Symantec, the new VBS.Pub is just such a beast.